Privacy Policy

Welcome to the Titolo GmbH privacy policy

We appreciate your interest in our company. We take the protection of your personal data very seriously and so would like to inform you about the processing of your data as comprehensively as possible.
Processing of personal data, such as the name, address, email address or telephone number of a data subject, is always be carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to Titolo GmbH. Our company would like to use this privacy policy to inform the public about the nature, extent and purpose of the personal data we collect, use and process. We would also like to use this privacy policy to inform data subjects about their rights.

1. Definition of terms

The Titolo GmbH privacy policy is based on the terms used by the European Guidelines and Regulatory Authority when adopting the General Data Protection Regulation (GDPR). Our data policy should be easy to read and understand, both by the public and by our customers and business partners. To ensure this, we would like to begin by explaining the terms used.
In this privacy policy we use the following terms:
a)    Personal data
Personal data is all information relating to an identified or identifiable natural person (hereinafter called "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b)    Data subject
A data subject is any identified or identifiable natural person, whose personal data is processed by a data controller responsible for the processing.
c)    Processing
Processing is any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
d)    Restriction of processing
Restriction of processing is marking stored personal data with the aim with the aim of limiting its processing in future.
e)    Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f)     Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g)    Controller or controller responsible for the processing
Controller means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of processing are determined by European Union law or the law of the Member States, the controller or the specific criteria for its nomination may be designated by European Union law or the law of the Member State.
h)    Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i)      Recipient
Recipient is a natural or legal person, public authority, agency or any other body to whom personal data is disclosed, irrespective of whether it is a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with European Union or Member State law shall not be regarded as recipients.
j)      Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k)    Consent
The data subject’s consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


2. Name and contact information of controller

This privacy policy provides information about the processing of personal data on the website of:
Controller:
Titolo GmbH,
Zeughausgasse 19
3011 Bern
E-mail: privacy@titolo.ch ,
Phone: +41 31 312 95 00

Contact information of data protection officer:
The Titolo GmbH data protection officer can be contacted as follows:

Titolo GmbH, Zeughausgasse 19, 3011 Berne
E-Mail: privacy@titolo.ch
Telefon: +41 31 312 95 00

2. Extent and purpose of processing of personal data

2.1 Accessing the website
When you access this website: www.titolo.ch , the internet browser used by the visitor automatically sends data to the server of this website and stores it in a log file. Until the automatic erasure, the following data is stored without further input by the visitor:
IP address of the visitor’s device,
Date and time of visitor access,
Name and URL of the page accessed by the visitor,
Website from which the visitor arrived at the website (so-called referrer URL),
Browser and operating system of the visitor’s device, as well as the name of the access provider used by the visitor.
The processing of such personal data is in accordance with Art. 6 (1), sentence 1 lit f) of the GDPR. The company has a legitimate interest in the data processing for the purpose of
Rapidly connecting to the website of the company,
Enabling user-friendly use of the website,
Identifying and ensuring the security and stability of the systems and
Facilitating and improving the administration of the website.
2.2 Data collection during registration and payment processing
For the purposes of registration and payment processing, data such as the object of purchase, shopping basket, name, date of birth, address, email address, delivery address, payment type and bank data is collected and processed by us, insofar as the processing is necessary for the performance of the contract or if the customer has consented to the processing.
The legal basis for processing of personal data is Art. 6 (1), Sentence 1, lits a) and b) GDPR.
2.2 Contact form
Visitors can submit messages to the company via email through our link on the website. In order to be able to receive an answer, at least a valid email address is required. All other information can be voluntarily provided to the person making the request. By sending the message via email, the visitor agrees to the processing of the transmitted personal data. The data is processed exclusively for the purpose of processing and responding to requests via the contact form. This will be done on the basis of the voluntarily granted consent pursuant to Art. 6(1), sentence 1, lit a) GDPR. The personal data collected for the use of the contact form is automatically deleted once the request has been completed and there are no grounds for further storage.
2.3 Newsletter
By registering for subscription to a newsletter, visitors expressly consent to the processing of the personal data transmitted. If you have agreed to receive our newsletter customised to your individual interests, we will process your email address and your first name, name, country, language and gender in particular for the purpose of dispatching the newsletter. With your consent, we will record your user behaviour on our website. This evaluation of user behaviour includes in particular, which areas of the applicable website you visit, and what links you activate there. This creates personalised user profiles assigned to your person and/or email address, to better align any potential advertising campaigns, particularly in the form of newsletters and on-site advertisements, with your personal interests, and to improve the web content.
The legal basis for processing the personal data of the visitor for the purpose of sending newsletters is consent pursuant to Art. 6(1), sentence 1, lit a) GDPR.
The visitor can unsubscribe from receiving future newsletters at any time. This can be done by using a special link at the bottom of the newsletter or by sending a message via email to info@titolo.ch.

3. Transfer of data

Personal data will be transferred to a third party, ifpursuant to Art. 6(1), sentence 1, lit a) GDPR it has been expressly consented to by the data subject, the transfer pursuant to Art. 6(1) sentence 1, lit f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to believe that the data subject has an overriding legitimate interest in non-disclosure of their data,for the  transmission of data pursuant to Art. 6(1) sentence 1 lit c) GDPR, there is a legal obligation, and/orpursuant to Art. 6(1), sentence 1, lit b) GDPR, this is required for the fulfillment of a contractual relationship with the data subject.In other cases, personal data will not be passed on to third parties.
 
4. Cookies

So-called cookies are used on the website. These are data packets exchanged between the Titolo GmbH server and the visitor's browser. These are stored when you visit the website by the devices used (PC, notebook, tablet, smartphone, etc.). Cookies cannot damage the devices used. In particular, they contain no viruses or other malicious software. Cookies store information which is related to the specific terminal used. Titolo GmbH cannot use them to obtain direct knowledge of the identity of the visitor to the web site.
Cookies are largely accepted by default browser settings. The browser settings can be configured so that cookies are not accepted, either on the equipment used, or with specific notice being given before a new cookie is created. It is however important to note that disabling cookies may affect the optimum functionality of the website.
Cookies help to make it easier to use the company website. Session cookies, for example, can be used to keep track of whether the visitor has already visited individual pages of the website. Session cookies are automatically deleted when you leave the website.
Temporary cookies are used to enhance user-friendliness. They are stored on the visitor's device for a temporary period. When you visit the website again, it automatically detects that the visitor already accessed the site at an earlier point in time and which inputs and settings were made so as not to have to repeat these.
Cookies are also used to analyse the number of times the website was accessed for statistical purposes and for the purpose of improving the content. When you next visit the website, cookies make it possible to automatically detect that the web page was previously accessed by the visitor. We use both temporary and permanent cookies on our website. If cookies are linked to personal data, they are deleted if and to the extent that storage is no longer required for the purpose of data collection. Cookies can be deleted by the visitor at any time.
The data processed through the use of cookies is for the above purposes of safeguarding the legitimate interests of Titolo GmbH justified on the basis of Art. 6 (1), sentence 1 lit f) GDPR.

5. Analysis services for websites and social plugins

Analysis services and Facebook Social Plugins from the provider Facebook (Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA), Google (Adverts, Analytics) (Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA), Instagram (Instagram LLC, Willow Road Menlow Park CA94025 (USA)
These allow you, in particular, to share contents of the website with your network contacts. As a result of the integration, network providers receive information that the corresponding web page of our website was accessed from your IP address. If you are logged in to the network, the network provider may also associate your visit to our website with your network account. Our analysis services work exclusively with pseudonymised user profiles, which do not make it possible to identify the data subject.

Further information can be found at:

Facebook:    https://www.facebook.com/legal/FB_Work_Privacy
Instagram:    https://help.instagram.com/155833707900388
Google:    https://policies.google.com/privacy?hl=en
Criteo:        https://www.criteo.com/privacy/
Webgains:     http://www.webgains.com/public/en/privacy/
Trbo:         http://www.trbo.com/datenschutz/


The legal basis for the use of the analysis tools and social plugins is Art. 6(1), sentence 1, lit f) GDPR. The website analysis is in the legitimate interest of our company and is used for statistical recording of the site usage to continuously improve our website and range of services.

6. Your rights as a data subject

Insofar as your personal data will be processed during a visit to our website, as a "data subject" within the meaning of the GDPR, you have the following rights:
6.1 Right to confirmation
Each data subject shall have the right granted by the European directives and regulators to obtain confirmation from the controller as to whether or not personal data concerning him or her is being processed. If a data subject wishes to avail himself or herself of this right of confirmation, he or she may, at any time, contact an employee of the controller.
6.2 Information
You can request information from us about whether your personal data is processed by us. The right to information is excluded if the data is only stored because it may not be deleted due to legal or statutory retention periods or is stored exclusively for the purpose of data backup or data protection control, provided that the exchange of information would incur disproportionately high costs and processing for other purposes by suitable technical and organisational measures is ruled out. If in your case the right of access to information is not excluded and your personal data is processed by us, you can request disclosure from us about the following information:
Purposes of the processing, Categories of the personal data about you that is processed,
Recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations,
Where possible, the envisaged period for which the personal data will be stored, or, if this is not possible, the criteria used to determine that storage period,
The existence of the right of rectification or erasure or restriction on processing of your personal data or a right to object to such processing, The existence of the right to lodge a complaint with a supervisory authority, If the personal data was not collected from you as the data subject, the available information on the origin of the data. Or where applicable, the existence of automated decision-making, including profiling and meaningful information about the logic involved and also the scope and desired impact of the automated decision-making. Where applicable, in case of the transmission to recipients in third countries, provided that there is no decision of the EU Commission regarding the adequacy of the level of protection according to Art. 45(3) of the GDPR, information about which appropriate guarantees pursuant to Art. 46(2) GDPR have been provided for the protection of personal data.
6.3 Rectification and completion. If you determine that we may hold inaccurate personal data about you, you can request immediate correction of this incorrect data. In the case of incomplete personal data, you may request completion.
6.4 Erasure. You have a right to erasure ("Right to be forgotten"), insofar as the processing is not required to exercise the right to freedom of expression, the right to information or for the fulfillment of a legal obligation or for the performance of a task carried out in the public interest, and one of the following reasons applies: The personal data is no longer necessary for the purposes for which it was processed. The basis of the justification for the processing was exclusively your consent, which you have withdrawn. You have objected to the processing of your personal data, which we have made publicly available. You have objected to the processing of personal data not made publicly available by us and there are no overriding legitimate grounds for the processing.
Your personal data has been processed unlawfully.
The erasure of the personal data is required to comply with a legal obligation, to which we are subject.
No claim for erasure exists if, in the event of legitimate non-automated data processing, due to the specific nature of the storage, it is not possible or only with disproportionately high expense and your interest in the erasure is minimal. In this case, limitation of processing